summaryrefslogtreecommitdiffstats
path: root/recipes-security
Commit message (Collapse)AuthorAgeFilesLines
* optee: fix the sha for 3.20 tagManorit Chawdhry2023-02-221-1/+1
| | | | | | | | | | The SHA for optee_os had been of 3.20-rc1 tag instead of 3.20 tag which had been marked stable. Change the tag to 3.20. Fixes: 280e7b4b3a17 ("optee: update optee components to 3.20 tag") Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* am62axx-evm: Add AM62A HS-FS evm configurationSai Sree Kartheek Adivi2023-02-141-0/+4
| | | | | | | | | | | Lets add the basic AM62A configuration - Add machine conf for AM62A. - The wic images will boot on AM62A HS-FS devices by default. The sysfw image for GP and HS-SE will be packaged in the wic image as tiboot3-am62ax-gp-evm.bin and tiboot3-am62ax-hs-evm.bin respectively. - Add ti-sci-firmware overrides. - Sign ATF, OPTEE and RTOS Firmware. Signed-off-by: Chirag Shilwant <c-shilwant@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee: update optee components to 3.20 tagManorit Chawdhry2023-02-083-7/+10
| | | | | | | | OPTEE tests is not being upgraded due to a newer python dependency for the build Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee: Revert "optee: update optee components to 3.20 tag"Ryan Eatmon2023-02-033-10/+7
| | | | | | | This reverts commit 9a007a3feab823eb4b72276103a08306b1abb066. We ran into some build failures on the older legacy platforms due to this change and so are reverting this while we investigate.
* optee: update optee components to 3.20 tagManorit Chawdhry2023-02-013-7/+10
| | | | | | | | OPTEE tests is not being upgraded due to a newer python dependency for the build Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* machine: Add AM62x HS-SE evm configurationChirag Shilwant2023-01-301-0/+4
| | | | | | | | | | | | | | Lets add the basic AM62x HS-SE configuration. - Add machine conf for AM62x HS-SE. - The wic images will boot on AM62x GP devices by default. To boot on AM62x HS-SE, simply switch out the SYSFW image: $ cd /mnt/sd-card/boot $ mv tiboot3-am62x-hs-evm.bin tiboot3.bin - Add ti-sci-firmware overrides. - Add support to sign ATF and OPTEE. Signed-off-by: Chirag Shilwant <c-shilwant@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Enable SW PRNG for OP-TEE in AM62XDhruva Gole2023-01-171-2/+2
| | | | | | | | | | | | | commit 98506a4a07363 ("optee-os: Update SRCREV for OP-TEE TRNG in AM62X") Disables SW PRNG => Enabling Hardware RNG. This is breaking Suspend Resume on AM62xx EVM variants. To fix this keep using SOFTWARE_PRNG enabled as it was. Cc: vibhore@ti.com Cc: Andrew Davis <afd@ti.com> Signed-off-by: Dhruva Gole <d-gole@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* hs: Deploy the unsigned versions of bl31 and bl32Ryan Eatmon2023-01-121-0/+4
| | | | | | | In addition to releasing the signed versions of the bl31.bin and bl32.bin files, also release the unsigned original versions. Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* machine: Add AM62Q HS-SE evm configurationChirag Shilwant2023-01-061-0/+4
| | | | | | | | | | | | Lets add the basic AM62Q HS-SE configuration. - Add configurations. - Add ti-sci-firmware overrides. - Add u-boot overrides. - Add optee overrides. - Add ti-rtos-firmware overrides. Signed-off-by: Chirag Shilwant <c-shilwant@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Lower log level for am62axxPraneeth Bajjuri2023-01-051-0/+1
| | | | | | | | | | | | Lower the log level for am62axx platform commit 27641e1f2d7f ("optee-os: Lower log level for AM62x") changes the log level for am62xx platforms. This patch is to extend the same for am62axx Signed-off-by: Praneeth Bajjuri <praneeth@ti.com> Reported-by: Sai Sree Kartheek Adivi <s-adivi@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee: update optee-client, optee-test, optee-examples to 3.19 tagManorit Chawdhry2023-01-053-6/+8
| | | | | | | | | optee-os was updated to 3.19 tag but the others were still outdated. Updates other optee components to 3.19 tag Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Revert to lower log level for AM62xKamlesh Gurudasani2023-01-051-0/+3
| | | | | | | | | | | | | While removing SOFTWARE_PRNG support commit:98506a4a07363a1b57012ccfaee263f47e5b46c4, accidently removed the changes applied by commit:27641e1f2d7f6696fd7bbd8f24fcac20766b6234 (optee-os: Lower log level for AM62x). Reverting those changes back Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Update SRCREV for OP-TEE TRNG in AM62XKamlesh Gurudasani2022-11-291-4/+1
| | | | | | | | | | | | Update the SRCREV to the commit when trng support was added in upstream OP-TEE for am62x platform to access rng. Also, enable trng support as trng support is added now in OP-TEE Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com> Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com> Acked-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* j784s4-hs: changes to support new hs platformManorit Chawdhry2022-11-151-0/+4
| | | | | | | | | | | Changes to support new j784s4-hs platform in: 1) ti-sci-fw_git: Update firmware prefix for j784s4-hs 2) atf: sign the image 4) optee: sign the image Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Upgrade to upstream 3.19.0Praneeth Bajjuri2022-10-311-2/+2
| | | | | | | Update to the latest upstream master which is 3.19.0. Signed-off-by: Praneeth Bajjuri <praneeth@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Enable TRNG driver as OP-TEE support is addedJayesh Choudhary2022-10-101-2/+0
| | | | | | | | OP-TEE upstream now has support for sa3ul for j721s2 platform. Re-enable the trng driver which was disabled earlier. Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Update SRCREV for OP-TEE TRNG in J784S4Jayesh Choudhary2022-10-101-1/+1
| | | | | | | | Update the SRCREV to the commit when sa3ul support was added in upstream OP-TEE for J784S4 platform to access rng. Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Lower log level for AM62xAndrew Davis2022-09-071-2/+2
| | | | | | | | | | | | During resume from low power mode suspend OP-TEE prints some messages on the UART. It seems this UART is not powered at this point in the sequence breaking suspend/resume. We should track down the exact prints and quiet them. Until we get that fix upstream, lets lower the log level for this platform to unblock the LPM work. Signed-off-by: Andrew Davis <afd@ti.com> Acked-by: Anand Gadiyar <gadiyar@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Upgrade to upstream 3.18.0Andrew Davis2022-09-071-2/+2
| | | | | | | | Update to the latest upstream master which is 3.18.0. Signed-off-by: Andrew Davis <afd@ti.com> Reviewed-by: Praneeth Bajjuri <praneeth@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* machine: add am62xx-lp-evm configurationAnand Gadiyar2022-08-291-0/+1
| | | | | | | | | | | | | This platform is similar to the currently supported am62xx-evm, except that we currently need new defconfigs for u-boot and new dtbs in the filesystem. Signed-off-by: Anand Gadiyar <gadiyar@ti.com> Cc: Hari Nagalla <hnagalla@ti.com> Cc: Andrew Davis <afd@ti.com> Cc: Praneeth Bajjuri <praneeth@ti.com> Cc: Ryan Eatmon <reatmon@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-examples: Add dependency on python3-cryptography-nativeAndrew Davis2022-08-261-0/+3
| | | | | | | | | This is needed for building the latest optee-examples. While here switch to HTTPS for fetching from Github. Signed-off-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* conf: machine: am64xx-evm: Make HS-SE the defaultAndrew Davis2022-08-261-1/+1
| | | | | | | | | | The HS-SE AM64xx machine can now be run on GP devices and built without needing the TI_SECURE_DEV_PKG for the same. AM64xx will only be available in the HS-FS type going forward. Make the HS-SE the default and remove the original GP machine. Signed-off-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Allow build to continue without TI_SECURE_DEV_PKG setAndrew Davis2022-08-061-1/+6
| | | | | Signed-off-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Use software RNG on AM62x and J721s2Andrew Davis2022-06-301-0/+4
| | | | | | | | | | The TRNG driver is not currently functional for these two platforms. Disable the TRNG driver until fixed. Reported-by: Vignesh Raghavendra <vigneshr@ti.com> Signed-off-by: Andrew Davis <afd@ti.com> Reviewed-by: Praneeth Bajjuri <praneeth@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee: Upgrade to upstream 3.17.0Andrew Davis2022-06-206-73/+13
| | | | | | | | | | | | | | | | | | | Update to the latest upstream master which is 3.17. We do this to add HUK and AM64x/AM62x support. With this we need to also switch OPTEEMACHINE for AM64x/AM62x. To build against the latest OP-TEE the support recipes need updated also. Move these here into meta-ti so that builds will still work when not using meta-arago-distro. The fix patches do not look to be needed anymore. While here switch to git checkout with https. NOTE: The latest OP-TEE requires SYSFW 8.04+ Signed-off-by: Andrew Davis <afd@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* j721s2-hs: changes to support new hs platformJayesh Choudhary2022-06-151-0/+4
| | | | | | | | | | | Changes to support new j721s2-hs platform in: 1) ti-sci-fw_git: Update firmware prefix for j721s2-hs 2) atf: sign the image 3) u-boot: Add u-boot-spl image for combined boot image 4) optee: sign the image Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* optee-os: Add support for alternate consoleNishanth Menon2022-02-011-0/+2
| | | | | | | | | | | Actual systems may choose to use a different console from the default Allow the machine configurations to describe the same. Since the option provided is custom to TI K3, make this a k3 product override capability. Signed-off-by: Nishanth Menon <nm@ti.com> Signed-off-by: Ryan Eatmon <reatmon@ti.com>
* j7200-hs: changes to support new hs platformYogesh Siraswar2021-11-161-0/+4
| | | | | | | | | | Changes to support new j7200 hs platform in: 1) optee: sign the image 2) atf: sign the image 3) u-boot: Add u-boot-spl image for combined boot image 4) ti-sci-fw_git: Update firmware prefix for j7200 hs Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
* am64xx-hs: changes to support new hs platformYogesh Siraswar2021-11-151-0/+4
| | | | | | | | | Changes to support new am64x hs platform in: 1) optee: sign the image 2) atf: sign the image 3) u-boot: Add u-boot-spl image for combined boot image Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
* optee-os: upgrade to upstream 3.12.0Praneeth Bajjuri2021-06-284-166/+2
| | | | | | | | | | | | | | Upgrade optee-os to upstream 3.12.0 on dunfell branch. upstream optee 3.13.0 tag has the following patches. f50962e3 ta_dev_kit.mk: make sure that libutils is linked second time 73196b58 link.mk: implement support for libnames-after-libgcc variable 36e784f6 libutils: provide empty __getauxval() implementation Hence removing from here. Signed-off-by: Praneeth Bajjuri <praneeth@ti.com> Signed-off-by: Yogesh Siraswar <yogeshs@ti.com>
* optee-os: upgrade to upstream 3.11.0Denys Dmytriyenko2021-01-086-0/+239
| | | | | | | | | | | | | | | As meta-arm has this version in master, but not in dunfell, temporarily overlay corresponding patches locally - could be removed for the next release. Need to alter FILESEXTRAPATHS for bbappend to locate local patches. Since meta-arm/dunfell has 3.8-specific patches in SRC_URI, let's redefine it completely to match 3.11-specific patch list in meta-arm/master. Last, but not least, guard all upstream recipe varibales with "ti-soc" override to only affect platforms in meta-ti, but not any other BSPs. Signed-off-by: Denys Dmytriyenko <denis@denix.org> Signed-off-by: Dan Murphy <dmurphy@ti.com>
* optee-os: add TI signing calls via TI_SECURE_DEV_PKGDenys Dmytriyenko2020-10-101-0/+83
| | | | | | | | It was originally residing in meta-arago due to earlier dependency on meta-optee layer from meta-linaro. Now optee is in meta-arm and this code can move to meta-ti. Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Dan Murphy <dmurphy@ti.com>
* optee: mark compatible with ti-soc platformsDenys Dmytriyenko2020-04-141-0/+1
May need to limit this to HS platforms in the future, but since there's no SOC_FAMILY defined, listing them individually is rather painful now. Signed-off-by: Denys Dmytriyenko <denys@ti.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-07-02 17:03:28 +0000